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Abstract — We  consider  the  problem  of  secure  multicast  in  an 
energy-constrained  wireless  environment.  We  present  an  analytical 
formulation  of  the  energy  expenditure  associated  with  the  communi¬ 
cation  overhead  of  key  management  and  highlight  its  dependence  on 
the  network  topology  and  the  key  distribution  method.  We  show  that 
the  optimal  solution  of  this  formulation  does  not  scale  with  multicast 
group  size  and  propose  a  sub-optimal,  cross-layer,  low-complexity 
algorithm  for  energy  efficient  key  distribution.  We  present  simulation 
studies  that  show  the  energy  savings  achieved  by  our  scheme  and 
compare  its  performance  when  different  routing  algorithms  are 
employed. 

1.  Introduction 

Wireless  ad  hoc  networks  operate  without  a  pre-deployed 
infrastructure.  Due  to  their  high  degree  of  flexibility  and  self¬ 
configurability,  they  have  become  one  of  the  most  attrac¬ 
tive  solutions  for  rapidly  interconnecting  a  large  number  of 
mobile  personal  devices.  Most  of  the  sensors  are  battery- 
operated  and  hence,  constrained  in  communication  and  com¬ 
putational  capabilities.  The  power  consumption  due  to  com¬ 
putation  has  been  significantly  reducing  due  to  advances  in 
silicon  technologies [1].  However,  the  power  consumption  due 
to  communication  is  significantly  affected  by  the  physical 
properties  of  the  medium  of  signal  propagation  and  is  the  most 
dominant  factor  in  battery  depletion  [1]. 

Many  group  applications  already  implemented  in  wired  net¬ 
works  will  be  extended  to  wireless  ad  hoc  networks.  Multicast 
is  the  most  suitable  model  for  reducing  the  incurring  network 
load,  when  traffic  needs  to  be  securely  delivered  from  a  single 
authorized  sender  to  a  large  group  of  valid  receivers.  Provision 
of  security  for  multicast  sessions  is  realized  through  encrypt¬ 
ing  the  session  traffic  with  cryptographic  keys.  All  multicast 
members  must  hold  valid  keys  in  order  to  be  able  to  decrypt 
the  received  information. 

The  problem  of  distributing  and  updating  the  cryptographic 
keys  to  valid  members,  known  as  key  management,  adds  stor¬ 
age,  communication  and  computational  overhead  to  the  network 
management.  Key  updates  are  required  either  periodically  or 
on-demand,  to  accommodate  membership  changes,  including 
additions  and  deletions,  in  multicast  groups.  Security  being 
a  network  management  problem,  should  consume  as  minimal 
energy  as  possible  in  updating  the  keys.  In  wireless  ad  hoc 
networks  where  nodes  are  dependent  upon  batteries,  excessive 
overhead  can  lead  to  rapid  battery  depletion,  resulting  in  lack 
of  network  connectivity  and/or  termination  of  essential  network 
services.  While  satisfying  typical  constraints  such  as  band¬ 
width,  complexity  and  storage  is  a  must  for  providing  multicast 


services,  node  energy  preservation  is  one  of  the  most  crucial 
parameters  for  ensuring  network  operation  in  an  wireless  ad 
hoc  environment.  Energy  is  a  physical  layer  parameter,  while 
security  is  an  application  layer  service.  Hence,  the  energy- 
efficient  design  has  to  take  the  cross-layer  interaction  into 
consideration. 

In  this  paper,  we  study  the  problem  of  energy-efficient 
multicast  key  distribution.  We  first  present  an  analytical  for¬ 
mulation  based  on  energy-expenditure  due  to  re-keying  and 
jointly  consider  the  physical,  network  and  application  layers 
in  the  formulation.  By  making  use  of  the  minimum  weight 
non-bipartite  matching  problem  (MWNBM)  [2],  we  show  that 
for  a  multicast  group  with  N  members,  a  candidate  optimal 
solution  for  minimizing  the  energy  expenditure  has  at  least 
0{N^)  complexity.  We  then  present  a  sub-optimal,  cross¬ 
layer  algorithms  that  considers  the  node  transmission  power 
(physical  layer  property)  and  the  multicast  routing  tree  (network 
layer  property)  in  order  to  construct  an  energy-efficient  key 
distribution  scheme  (application  layer  property). 

After  showing  that  the  cross-layer  design  has  to  make  use  of 
underlying  broadcast  routing,  we  analyze  the  impact  of  recently 
proposed  multicast  routing  protocols  on  the  energy  expenditure 
due  to  key  updated  communication  overhead.  We  consider 
power-efficient  multicast  routing  algorithms  such  as  the  Broad¬ 
cast  Incremental  Power  (BIP)  [3],  the  Embedded  Wireless 
Multicast  Advantage  (EWMA)  [4],  the  Minimum  Spanning  Tree 
(MST)  [5]  and  the  Shortest  Path  Routing  (SPR)  [5].  As  an 
interesting  observation,  we  show  that  the  most  energy-efficient 
broadcast  routing  may  not  be  the  most  suitable  one  for  energy- 
efficient  key  distribution.  This  is  due  to  the  fact  that  re-keying 
requires  different  keys  to  be  transmitted  to  different  sub-groups, 
while  broadcast  routing  tries  to  reach  as  many  nodes  as  possible 
at  once. 

The  remainder  of  the  paper  is  organized  as  follows.  In 
Section  II  we  present  notation  and  background  information. 
In  Section  III  we  describe  the  network  model  assumptions. 
In  Section  IV  we  formulate  the  routing-aware  key  distribution 
problem  as  an  optimization  problem  and  derive  the  complexity 
of  the  optimal  solution.  We  then  develop  a  sub-optimal  energy- 
efficient  routing-aware  key  distribution  algorithm.  In  Section 
V,  we  provide  simulation  results  to  show  the  improvements 
achieved  by  our  algorithms  and  compare  the  performance  of 
our  scheme  under  different  routing  algorithms.  In  Section  VI 
we  present  conclusions. 
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Fig.  1.  (a)  Ml  leaves  the  multicast  group  in  a  binary  key  tree,  (b)  Update  messages  sent  by  the  GC  to  valid  members. 


II.  Notation  and  Background 

A.  Notation 


and  the  GC  needs  to  send  the  update  messages  shown  in 
Figure  1(b)  to  the  remaining  valid  members. 


The  following  notations  will  be  used  through  the  rest  of  the 
paper. 


N 

T 

Ki.j 

M, 

GC 

G{V,A) 

R 

B  ^  S  :  m 


Si  AT) 


Multicast  group  size. 

Key  distribution  tree  of  height  h. 

The  root  has  level  1  =  0. 

Key  assigned  to  the  jth  node  of  the 
Ith  level  of  the  tree  T. 

The  ith  member  of  the  multicast  group. 
Group  controller  of  the  multicast  group. 
An  undirected  graph  with  a  set  of 
vertices  V  and  a  set  of  edges  A. 

The  routing  tree  of  an  ad  hoc  network. 
Message  m  encrypted  with  key  K^j. 

B  sends  a  message  m  to  all 
members  of  subset  S. 

Set  of  members  holding  the  key  Ki,j 


B.  A  review  of  group  key  management  techniques 

When  secure  communications  involve  large  dynamic 
groups  with  frequent  membership  changes,  the  key  manage¬ 
ment/distribution  scheme  needs  to  be  scalable  with  the  group 
size.  The  number  of  updated  keys  after  a  member  leave  is 
significantly  higher  than  the  updated  keys  after  a  member  join 
[6],  [7].  Hence,  key  management  schemes  mainly  address  the 
overhead  of  a  member  (or  multiple  members)  leave. 

Scalable  solutions  in  both  communication  cost  and  storage 
requirements  group  key  management  techniques  that  have  been 
proposed  for  group  communication  in  wired  networks  make  use 
of  logical  key  trees  [6],  [7],  [8],  [9].  Logical  key  tree  based 
schemes  reduce  the  complexity  of  re-keying  operation  after  a 
member  leave  from  0{N)  (Trees  of  degree  N)  to  OflogN) 
[6].  The  storage  requirement  of  a  member  in  a  logical  key  tree 
is  also  0{logN). 

In  Figure  1(a),  we  present  a  key  distribution  tree  for  a 
multicast  group  of  V  =  8  members  plus  the  GC.  Each  member 
is  assigned  keys  that  are  along  the  path  traced  from  the  leaf 
node  to  the  root  [6].  For  example  Mi  is  assigned  keys  {Kq, 
Ki.i,  K2.1,  ATa.i}.  If  Ml  leaves  the  multicast  group  keys  {Kq, 
Ki.i,  7^2. 1}  need  to  be  updated  by  new  keys  denoted  as  KG 


C.  Broadcast  routing  in  ad  hoc  networks 

The  broadcast  routing  service  provided  by  the  network  layer, 
is  establishing  the  appropriate  paths  for  reaching  all  nodes 
of  the  network,  from  a  single  sender.  The  routing  algorithms 
are  aiming  at  minimizing  the  total  energy  for  broadcasting  a 
message  to  every  member  of  the  multicast  group.  The  network 
management  problem  of  finding  a  broadcast  tree  with  minimum 
total  transmit  power  is  known  to  be  NP-hard  [3],  [4],  [10]. 
Several  heuristic  algorithms  have  been  recently  developed  for 
power-efficient  broadcasting  with  sub-optimal  performance  [3], 
[4],  [10].  Most  of  the  heuristics  attempt  to  fully  exploit  the 
wireless  broadcast  advantage. 

To  the  best  of  our  knowledge,  the  impact  of  broadcast  routing 
algorithms  on  the  efficiency  of  the  key  distribution  has  not 
been  studied  before.  One  might  expect  that  a  routing  algorithm 
that  minimizes  the  total  transmit  power  will  perform  efficiently 
in  the  key  distribution.  However,  rekeying  of  valid  members 
involves  transmissions  to  sub-groups  of  different  size. 

Lets  consider  the  case  of  member  Mi  leaving  the  mul¬ 
ticast  group  in  Figure  1(a).  The  keys  to  be  updated  are 
already  marked.  According  to  Figure  1(b),  there  are  two 
unicast  transmissions  to  {M2},  one  sub-group  transmission 
to  {M3,M4},  one  sub-group  transmission  to  {M2,M3,M4} 
and  one  to  {M5  —  Mg}.  Routing  algorithms  optimized  for 
broadcast  transmission  need  not  be  efficient  for  unicast  or 
sub-group  transmissions.  We  will  investigate  the  impact  of 
recently  proposed  power-efficient  routing  algorithms  on  the 
energy  consumption  due  to  key  management. 

It  is  also  possible  to  formulate  the  problem  to  choose  the 
routing  that  will  optimize  the  key  update  communications. 
However,  we  note  that  the  communication  overhead  for  re¬ 
keying  is  relatively  small  compared  to  the  session  traffic.  Hence, 
it  would  be  unreasonable  to  optimize  the  routing  tree  for 
minimizing  the  energy  expenditure  due  to  the  overhead.  Instead, 
we  will  examine  what  is  the  performance  of  our  key  distribution 
scheme  when  various  routing  algorithms  are  employed. 

HI.  Network  Model 

We  assume  that  the  network  consists  of  N  members  of 
a  multicast  group  plus  the  GC,  randomly  distributed  in  a 


specific  area.  We  consider  a  single-sender  multiple-receiver 
communication  model.  We  also  assume  that  any  node  can  act  as 
relay  node  and  the  communication  range  is  constrained  by  the 
node’s  maximum  transmission  power.  The  nodes  of  the  network 
are  assumed  to  be  static  (no  mobility  is  incorporated). 

The  network  nodes  are  assumed  to  have  limited  computa¬ 
tional  capabilities  and  constrained  energy  resources.  However, 
we  assume  that  they  are  capable  of  generating  and  managing 
cryptographic  keys.  We  also  assume  that  signal  transmission 
is  the  major  component  of  energy  expenditure  and  therefore 
ignore  any  energy  cost  due  to  computation  and  information 
processing  [1].  We  further  assume  that  omnidirectional  anten¬ 
nas  are  used  for  transmission  and  reception  of  the  signal. 

We  assume  that  the  network  has  been  successfully  initialized, 
and  initial  cryptographic  quantities  (pair-wise  trust  establish¬ 
ment)  have  been  distributed.  Several  novel  approaches  that 
address  the  critical  problem  of  secure  initialization  in  ad  hoc 
networks  with  energy  limitations,  have  been  recently  presented 
in  [11],  [12],  [13]. 

IV.  Routing- Aware  Key  Distribution 
A.  Formulation  of  the  routing-aware  key  distribution  problem 

A  member  leave  requires  a  significantly  larger  number  of  re¬ 
key  messages  than  a  member  join  [6],  [7].  Although  a  member 
leave  adds  the  same  bandwidth  overhead  to  the  network  (in  a 
balanced  key  structure),  the  energy  overhead  depends  on  the 
underlying  routing  tree  and  key  distribution  tree  [14].  In  this 
paper  we  explicitly  express  the  key  update  energy  according  to 
the  multicast  routing  tree  R  and  the  key  distribution  tree  T. 

We  assume  that  the  probability  of  each  member  leaving  the 
multicast  group  is  uniform,  i.e.,  members  have  equal  probability 
of  leaving  the  multicast  group.  For  simplicity,  we  assume  that 
N  =  d^,  r  €  Z+.  We  denote  as  EmXR^T),  the  energy  for 
re-keying  after  the  member  on  the  leaf  of  the  key  tree 
leaves  the  multicast  group  and  as  Etl{R,T),  the  total  energy 
expenditure  after  each  member  leaves  the  multicast  group. 
For  expressing  those  quantities  we  denote  as  E the 
energy  for  transmitting  a  key  from  the  GC  to  all  members  of 
the  set  Si,j{T),  according  to  the  routing  tree  R  (for  simplicity 
Si,j  =  Si,j(T)  and  Eg^  .  =  Eg^  .(^t){R))-  For  the  sake  of 
illustration  we  first  consider  a  binary  tree  with  eight  nodes. 

Assume  that  Mi  in  Figure  1(a)  is  leaving  the  multicast  group. 
The  key  updates  shown  in  Figure  1(b)  need  to  be  sent  to  valid 
members.  The  total  energy  expenditure  for  sending  the  re-key 
update  messages  is: 

Emi{R,T)  =  Es3.2  +  Eg^^  -\-  Eg^^  -\-  Eg^  ^\Mi 

+Esi,i\Mi  (1) 

3  2 

=  X/  +  X/  (2) 

i=l  i=l 

where  we  denote  as  Si,j\Mi,  the  exclusion  of  Mi  from  set  Si,j. 
The  term  Eg^  ^  is  due  to  the  unicast  transmission  of  i}k3  2 
to  M2.  The  term  Eg^  ^  is  due  to  the  multicast  transmission  of 
{K{  i}k2  2  '^o  M3,  M4.  Similarly,  the  rest  of  the  terms  follow. 


The  total  energy  for  re-keying  after  each  member  leaves  the 
multicast  group  is: 

8 

Etl{R,T)  = 

8  4  2 

2=1  2=1  2=1 

2  4  4  2 

EE  Es3g\Si.Ak)  +EE  Es2.AS2.Ak) 

j  —  l  k—l  j—1  k—1 

3  2*  22*  ISi.jl 

=  E  E  +  E  E  E  ^s,.ASi.j{k) 

2=1  j  —  ^  i—1  j—l  k—l 

where  |,  denotes  the  size  of  the  set  Si.j  and  Si.j  {k),  denotes 
the  element  of  set  Si.j .  Generalizing  (2)  to  a  d-ary  key  tree 
with  N  group  members  leads  to: 

d 

Emi{R,T)  =  -  -I-  +  . . .  +  Eg^  .) 

i=2 

+Esih-i).i\Mi  +  •  ■  •  +  Ag^  ^\Mi 

h  d  h  —  1 

=  EE^«...-  +  E^s-w.  (3) 

2=1  j  —  2  2=1 

The  total  energy  for  re-keying  after  each  member  leaves  the 
multicast  group  in  its  general  form  is  expressed  as: 

N 

Etl{R,T)  =  J2EMdR,T) 

2=1 

N  N/d 

=  {d-l)J2Es,.,  +  {d-l)dJ2Es^,_3,., 
2=1  2=1 

d 

+  ...  +  (d-i)dF‘-i)^F;g,,, 

2=1 

+  E  E  ^S(h-i).AS(h-i).jik) 

j=l  k=l 

d  I  Si. 3  I 

+  '-'  +  E  E  ^Si.ASi.Ak) 

j=i  k=i 

=  id-i)(ts--^j:Eg,] 

\i=i  j=i  j 

h  —  1  d*  I'S'i.jl 

+EE  E *^4) 

2=1  j  —  l  k—l 

Hence  the  average  energy  required  for  re-keying  after  a 
member  leave  is  Eave{R,T)  =  Etl{R,T)/N .  We  observe 
that  the  average  update  energy  depends  upon  the  routing  tree 
R  and  the  key  distribution  tree  T,  i.e.  the  members’  position 
on  the  leaves  of  the  key  distribution  tree.  We  do  not  attempt  to 
minimize  Eave(.R,  T)  with  respect  to  R,  since  R  is  optimized 


Fig.  2.  (a)  An  ad  hoc  network  of  4  multicast  members  plus  the  GC.  (b)  The  fully  connected  MWNBM  graph  G(V,  A),  (c)  The  optimal  solution  for  the 

MWNBM  graph  of  (b).  (d)  The  equivalent  optimal  key  distribution  tree. 

Optimal  sub-grouping  of  two  members  problem. 

Set  of  multicast  members  So{T). 

{Energy  expenditure  for  transmitting  a  message  from  the 
the  GC  to  the  members  connected  by  edge  e  &  A 
Minimum  energy  expenditure  for  sending  a  message  to 
sub-groups  of  two  members  Sh-i.i{T),  i  =  1 . . .  "j. 

T*  =  argminT  _ 

TABLE  I 

Equivalence  of  the  MWNBM  problem  with  the  optimal  sub-grouping  of  two  members  problem. 


MWNBM  problem. 
Set  of  vertices  V. 

Weight  of  edge  tu(e). 

Optimum  matching  M  for  a 
fully  connected  graph  G{V,  A) 
M*  =  argminMl],gM^(«) 


to  deliver  the  traffic  stream  to  the  multicast  members.  Instead, 
we  are  interested  in  selecting  the  optimal  tree  T*  that  minimizes 
Eave{R,T)  given  that  routing  is  provided  by  the  network 
layer. 

T*  =  a,TgimnEAVE{R,T)  (5) 

We  now  investigate  the  solution  approach  to  this  formulation. 

B.  Complexity  of  the  optimal  solution 

Solving  the  minimization  problem  in  (5)  is  equivalent  to 
minimizing  Etl{R,T)  expressed  in  (4),  given  that  the  mem¬ 
bers  leave  the  multicast  group  with  the  same  probability.  From 
(4),  we  observe  that  Etl{R,T)  consists  of  all  the  unicast 
energies  to  every  multicast  member  (which  are  independent  of 
the  key  tree  structure  we  employ),  plus  the  energies  required 
for  transmitting  a  key  to  every  subset  holding  keys  at  level 
(h  —  1)  (sub-groups  of  two  members),  plus  the  energies  for 
sending  keys  to  every  subset  holding  keys  at  level  {h  —  2)  (sub¬ 
groups  of  four  members)  and  so  forth  up  to  level  one.  The 
term  Etl{R,T)  also  includes  transmissions  of  keys  to  subsets 
holding  keys  at  every  level  of  the  key  tree,  excluding  the  evicted 
member. 

We  now  show  that  even  for  a  sub  group  consisting  two 
members,  the  optimal  energy-efficient  solution  for  updating 
keys  under  member  deletion  does  not  scale  with  group  size. 
The  goal  then  is  to  optimally  select  subsets  of  two  members 
(partitioning  the  multicast  group  into  subsets  of  two  members), 
so  as  to  minimize  the  energy  expenditure  for  sending  a  message 
to  every  subset  in  the  average  sense.  We  now  show  that  the 
problem  of  finding  an  optimal  strategy  for  pairing  members 
so  that  the  total  energy  for  updating  keys  is  minimized  when 


each  subgroup  has  only  two  members  can  be  transformed 
into  the  problem  of  Minimum  Weight  Non-Bipartite  Matching 
(MWNBM)  [2]  described  below: 

MWNBM-  Let  G{V,  A)  be  an  undirected  graph.  A  matching 
M  in  G(y,A)  is  a  collection  of  edges  MCA  such  that 
no  two  edges  in  M  are  incident.  Let  w  :  A  ^  SR'*'  be  a 
function  which  assigns  a  weight  to  each  of  the  edge  e  of  G. 
The  weight  w{E)  of  a  subset  F  C  A  of  the  edges  of  G  is 
defined  as  w{F)  :=  minimum  weight  non¬ 

biparti  te  matching  problem  is  to  find  a  perfect  matching  ',  M 
in  G  such  that  w{M)  is  minimum. 

Mapping  the  two-member  keying  problem  to  MWNBM  prob¬ 
lem.  In  the  problem  of  mapping  two-members  to  the  leaves 
of  the  tree,  we  are  given  a  fully  connected  graph  with  edges 
connecting  the  nodes  indicating  the  energies  for  reaching  the 
nodes  connecting  the  edges.  We  want  to  pick  the  edges  such 
that  the  total  edge  weight  is  minimal  and  every  node  is 
paired  with  one  and  only  one  another  node.  Hence,  finding  the 
optimal  matching  M*  for  the  fully  connected  graph  G{V,  A)  is 
equivalent  to  finding  the  optimal  key  tree  T*  that  assigns  the 
least  energy  to  transmit  one  message  to  subsets  consisting  of 
two  members  S(^h-i).i^  i  =  1  ■  •  ■  N/2.  The  table  I  presents  the 
mapping  in  detail.  We  now  illustrate  it  with  an  example. 

In  Figure  2(a)  we  show  the  routing  tree  of  a  four-member 
multicast  group,  plus  the  GC.  In  Figure  2(b)  we  show  the 
fully  connected  graph  G{V,  A)  of  the  equivalent  MWNBM 
problem,  with  the  weights  w(e),  e  €  A,  corresponding  to  the 
energy  required  to  transmit  a  message  from  the  GC  to  the  two 
members  connected  by  the  edge  e.  In  Figure  2(c)  we  show  the 
optimal  matching  M*  for  the  graph  in  Figure  2(b).  Based  on 

*  A  matching  is  perfect  if  every  vertex  is  matched  with  only  one  other  vertex. 
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Fig.  3.  (a)  The  routing  paths  of  a  wireless  ad  hoc  network,  (b)  Key  distribution  tree  built  with  the  Routing- Aware  key  distribution  algorithm,  (c)  Best  possible 

Key  distribution  tree. 


the  Figure  2(c),  we  place  the  nodes  {4,  5, 2,  3}  at  the  leaves  of 
the  key  distribution  tree,  from  left  to  right  in  that  order. 

Though  several  algorithms  have  been  developed  for  hnding 
the  optimal  solution  of  the  MWNBM  problem  [2],  [15],  the 
most  efficient  technique  [15]  requires  the  use  of  sophisticated 
data  structures  and  has  complexity  of  0{N{m+Nlogn))  where 
|y  I  =  iV  and  I  A|  =  m.  Since  our  graph  is  fully  connected,  m  = 
and  the  complexity  of  the  optimum  solution  becomes 
0{N^).  Since  the  key  tree  includes  subgroups  of  various  sizes, 
our  observation  implies  that  the  complexity  of  constructing  an 
optimal  key  tree  will  be  at  least  as  much  as  0{N^).  Hence, 
even  the  most  efficient  algorithm  is  not  best  suited  for  moderate 
to  large  multicast  group  sizes. 

Using  an  example,  we  now  show  the  negative  result  that 
obtaining  the  optimal  solution  for  sub-groups  of  two  members 
does  not  guarantee  optimality  for  distributing  keys  to  sub¬ 
groups  of  bigger  size.  The  Figure  3(a)  presents  a  routing 
tree  of  an  ad  hoc  network.  According  to  the  routing  tree 
in  Figure  3(a),  the  optimal  sub-group  sets  of  size  two  are 
{3, 4},  {7,  2},  {6,  8},  {9, 5}  requiring  total  energy  of  66.89  E.U. 
for  sending  one  message  to  each  group.  The  optimal  sub-group 
sets  of  four  elements  are  {2, 3,  6, 7},  {4, 5,  8, 9}  requiring  44.5 
E.U.  for  sending  one  message  to  each  group. 

^Erom  this  example,  we  observe  that  the  optimal  sub-group 
set  of  four  {2, 3,  6, 7},  cannot  be  represented  as  the  union  of  any 
of  the  optimal  sub-group  sets  of  two.  This  in  turn  implies  that 
we  cannot  use  MWNBM  to  iteratively  construct  the  optimal 
key  tree. 

Characterization  of  the  hardness  of  the  original  problem 
remains  open. 

C.  A  sub-optimal  solution  based  on  routing  with  low- 
complexity 

The  main  idea  behind  the  sub-optimal  solution  is  based  on 
the  observation  that  in  a  secure  multicast  with  single  source 


having  routing  tree  that  is  rooted  at  the  source,  the  energy  to 
reach  a  node  from  the  source  increases  monotonically  as  the 
node  distance  from  the  source  increases.  Hence,  if  the  routing  is 
based  on  geometric  distance,  we  can  make  use  of  it  to  arrange 
the  nodes  in  an  ascending  order  based  on  the  energies  required 
to  reach  them^  We  now  describe  the  main  idea. 

Our  sub-optimal  solution  relies  on  the  multicast  routing  tree 
R  for  constructing  an  energy-efficient  key  distribution  tree  T. 
By  accumulating  information  from  the  routing  tables  during 
the  route  path  establishment,  the  GC  can  compute  the  energy 
EfR),  i  =  1..N  required  to  unicast  a  message  to  each  member 
of  the  multicast  group. 

Consider  the  nodes  I  and  O  and  assume  that  £j  <  Eq,  where 
£i  is  the  energy  to  reach  node  I  and  £o  is  the  energy  to  reach 
node  O.  Then  the  energy  expenditure  for  sending  a  message 
to  both  I  and  O  is  Eq  if  /  and  O  share  a  common  key,  and 
Eo  -\-  El  if  I  and  O  do  not  share  a  common  key.  Hence,  by 
assigning  a  common  key  to  I  and  O  we  save  £j  units  of  energy 
with  maximum  savings  being  achieved  when  Ej  =  Eq- 

Eor  example,  in  Eigure  3(a),  the  node  number  hve  is  rel¬ 
atively  farther  than  node  number  nine  from  the  source  node. 
Hence,  due  to  broadcast  advantage  of  hte  wireless  medium, 
by  transmitting  to  node  hve  we  will  cover  node  nine.  Assume 
that  nodes  hve  and  nine  need  to  receive  a  common  enecrypted 
mesage.  If  they  both  share  a  common  key,  the  source  needs 
to  perform  only  one  transmission  and  the  energy  expenditure 
for  sending  a  key  to  both  hve  and  nine  is  i?{5,g}  =  31.45 
Energy  Units  (EU).  If  they  do  not  share  a  common  key,  the 
source  needs  to  transmit  two  mesaages  and  the  required  energy 
is  E[e^r}  =  58.02  EU. 

If  we  sort  all  members  according  to  Ei,  i  =  l..A^ 

^It  is  not  difficult  to  construct  counter  examples  that  violate  this  statement. 
However,  in  most  cases  this  statement  is  true  for  a  routing  scheme  based  on 
energy  in  wireless.  Also,  the  existence  of  the  counter  examples  is  the  reason 
for  claiming  the  scheme  as  suboptimal. 


in  ascending  order,  we  minimize  the  energy  expenditure 
difference  (£i+i  —  Si)  between  consecutive  members  and 
maximize  the  energy  savings  St  if  transmission  to  node  O 
covers  node  I.  Therefore,  by  assigning  common  keys  to 
members  differing  the  least  in  Si  (placing  them  under  the 
same  parent  node  in  the  key  distribution  tree)  we  achieve  high 
energy  savings.  Based  on  this  observation,  we  propose  the 
placement  of  the  multicast  members  to  the  leaves  of  the  key 
distribution  tree  according  to  the  ascending  order  of  energy 
expenditure  Si.  We  now  present  a  sub-optimal  Routing- Aware 
Key  distribution  scheme  (RAwKey). 

Routing-Aware  Key  Distribution  Scheme  (RAwKey) 

Step  1:  Compute  all  Si{R)  from  the  GC  to  each  member 
of  the  multicast  group. 

Step  2:  Sort  S  =  {81,82,  ...jSn}  in  ascending  order. 

Step  3:  Add  members  as  leaf  nodes  to  the  key  distribution 

tree,  from  left  to  right  in  the  same  order  as  S. 


Though  this  is  not  the  optimal  solution,  its  performance 
and  implementation  simplicity  make  it  an  extremely  attractive 
method  for  key  management  in  secure  multicast  communica¬ 
tions  for  ad  hoc  networks. 

D.  Application  of  RAwKey  to  a  sample  network 

We  now  illustrate  the  construct  of  the  key  tree  for  the  nine- 
node  network  shown  in  Figure  3(a).  The  GC  can  communicate 
with  each  member  of  the  multicast  group  by  using  the  routing 
paths  indicated.  Sorting  the  energies  for  reaching  each  member 
of  the  multicast  group  gives  Ss^Ms}  <  ^{Mt}  <  Ss^m^}  < 
S{M2}  <  '^{Mg}  <  <  S{Mc)}  <  S{M5}-  The  resulting 

key  distribution  tree  is  shown  in  Figure  3(b).  The  optimal  key 
distribution  tree,  obtained  by  exhaustive  searching,  is  shown 
in  Figure  3(c).  We  can  observe  that  the  two  trees  are  almost 
identical  with  only  members  M4  and  My  been  interchanged. 
The  worst  possible  tree,  also  obtained  through  exhaustive 
search  is  shown  in  Figure  3(d).  The  optimal  possible  tree  has 
=  62.7  EU,  the  tree  created  with  RAwKey  has 
E (,R,T)  =  63  EU  (0.5%  worse  than  the  optimal  tree) 
and  the  worst  possible  tree  has  E^y^*{R,T)  =  78.3  EU 
(24.9%  worse  than  the  optimal  tree). 

E.  Complexity  of  RAwKey 

RAwkey  requires  the  computation  of  the  unicast  energies  to 
reach  every  member  of  the  multicast  group  sorted  in  ascending 
order.  During  the  building  of  the  multicast  routing  tree  the  GC 
can  acquire  the  order  by  which  nodes  are  added  to  the  tree.  In 
the  case  of  SPR  the  order  of  adding  nodes  to  the  multicast  tree 
is  the  same  as  sorting  the  unicast  energies  and  no  further  steps 
are  required. 

When  BIP  or  MST  is  used  as  a  routing  algorithm,  the  order 
by  which  nodes  are  added  to  the  multicast  tree  is  not  the  same 
as  the  ascending  order  of  unicast  energies.  However,  the  set 
is  almost  ordered  since  nodes  requiring  less  transmit  power 


to  be  reached  are  in  general  added  first  to  the  routing  tree. 
Hence,  an  efficient  sorting  algorithm  for  almost  sorted  data  can 
significantly  reduce  the  sorting  time.  Bubblesort  [5]  is  known  to 
have  very  good  performance  for  almost  sorted  data  with  0{N) 
complexity  in  the  best  case  (almost  sorted  sets).  The  EWMA 
uses  MST  as  a  base  algorithm  and  hence,  an  almost  ordered 
set  can  also  be  acquired. 

V.  Performance  Evaluation 

We  performed  our  studies  in  randomly  generated  network 
topologies  confined  in  a  10x10  region.  Our  network  is  assumed 
to  be  static.  We  assume  that  the  energy  required  to  transmit 
a  key  at  a  receiver  located  one  distance  unit  away  from  the 
transmitter,  is  one  energy  unit. 

A.  Experiment  1:  Evaluation  of  RAw Key  algorithm 

Since  there  is  no  algorithm  to  provide  the  optimal  solu¬ 
tion  for  the  key  distribution  tree  construction,  we  performed 
exhaustive  search  for  N  =  8.  Eor  larger  group  sizes  N  = 
16,32,64,128,256,  we  generated  for  each  network  instance, 
10,000  different  key  tree  structures  and  compared  the  perfor¬ 
mance  of  RAwKey  with  the  key  tree  that  requires  the  minimum, 
maximum  and  median  Eave  out  of  the  10,000  tree  structures. 
Eurther,  we  repeated  the  same  comparison  for  100  different 
network  topologies  and  averaged  the  result. 

In  Eigure  4(a),  we  observe  that  RAwKey  yields  significant 
savings  compared  to  a  tree  structure  that  does  not  take  into 
account  the  routing  information.  It  has  slightly  worse  perfor¬ 
mance  compared  to  the  best  tree  out  of  the  10,000  trees  and 
gives  significant  savings  compared  to  the  median  and  worse 
possible  tree.  In  Eigure  4(b),  we  compare  the  performance 
of  RAwKey  with  the  location-aware  key  distribution  scheme 
(LocKeD)  we  developed  in  [16].  We  show  the  percentage  dif- 

j^RAw  K  ey _ j^LocK  eD 

ference  (  — %)  between  RAwKey  and  LocKeD 

^AVB 

for  different  number  of  nodes.  RAwKey  outperforms  LocKeD 
by  5.4-8. 2%,  since  LocKeD  may  fail  to  capture  the  circularity 
of  the  broadcast  advantage  [16]. 

B.  Experiment  2:  Performance  of  RAwKey  under  different  rout¬ 
ing  algorithms 

In  our  second  experiment  we  compared  the  performance  of 
RAwKey  under  different  routing  algorithms  and  for  different 
multicast  group  sizes.  We  generated  random  topologies  and 
constructed  the  multicast  routing  tree  using  BIP  [3],  EWMA 
[4],  MST  [5]  and  SPR  [5].  We  applied  RAwKey  under  the  dif¬ 
ferent  routing  algorithms  and  measured  Eave-  In  Eigure  4(c) 
we  can  observe  that  SPR  gives  the  minimum  re-key  energy 
expenditure,  BIP  and  MST  have  similar  performance,  while 
EWMA  needs  increasing  energy  for  re-keying  as  the  multicast 
group  size  grows. 

By  examining  the  type  of  routing  trees  resulting  from  the 
application  of  SPR,  BIP,  MST  and  EWMA,  we  can  observe  that 
SPR,  BIP  and  MST  tend  to  be  multi-hop  in  contrast  to  EWMA 
that  covers  many  nodes  with  one  transmission.  Although  a 


(a)  (b)  (c) 

Fig.  4.  (a)  Performance  of  RAwKey  for  different  TV.  (b)  Comparison  RAwKey  with  LocKeD  for  different  TV.  (c)  Comparison  of  the  RAwKey  under  different 

routing  algorithms. 


single  transmission  is  beneficial  for  broadcasting  a  message 
to  all  members  of  the  multicast  group  and  reducing  the  total 
transmit  power,  it  proves  inefficient  when  messages  need  to  be 
transmitted  to  small  sub-groups  or  even  unicasted.  Re-keying 
after  a  member  leave  involves  many  transmission  to  smaller 
groups  than  the  whole  multicast  group.  SPR  is  optimized  for 
unicast  transmissions  and  therefore  delivers  keys  to  single 
members  with  minimal  energy  expenditure.  On  the  other  hand, 
EWMA  requires  the  most  energy  for  unicasting,  since  it  favors 
one-hop  long  range  transmission  to  cover  many  nodes. 

VI.  Conclusion 

We  introduced  a  cross-layer  design  approach  for  key  man¬ 
agement  in  wireless  multicast,  that  distributes  cryptographic 
keys  to  valid  group  members  in  an  energy-efficient  way.  By 
considering  the  physical  and  network  layer,  we  formulated 
an  optimization  problem  for  minimizing  the  energy  required 
for  re-keying.  We  showed  that  the  optimal  solution  is  not 
scalable  with  group  size  N  and  developed  a  simple  sub-optimal 
scheme  that  exploits  available  routing  information.  We  call 
our  scheme  routing  aware  key  distribution  scheme  (RAwKey). 
We  illustrated  the  application  of  our  scheme  in  binary  trees 
and  provided  simulation  results  indicating  that  the  performance 
of  RAwKey  is  reasonable  compared  to  the  optimal.  Finally, 
we  studied  RAwKey  in  conjunction  with  different  underlying 
routing  algorithms,  and  provided  intuition  behind  performance 
variations  that  we  observed.  We  argued  that  multicast  rout¬ 
ing  algorithms  with  small  unicast  transmission  energy,  give 
smaller  Eav e  due  to  the  unicast  and  small  group  transmissions 
involved  in  re-keying.  Proving  the  difficulty  of  the  problem 
reamins  open. 
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